Forum Discussion
Authentication Failure for IMAP and POP3 using Client Credential flow for OAuth2.0 | Java
- Jul 29, 2022
Hi. I had the same problem, but I think I made some progress.
I read the documentation a few times and tried a few times from the start, with the same error. I even tried using the client and object IDs instead of the email address as the username, for lack of better ideas.
So this is where I think I made the mistake previous times. When you are at the part where you need to register the service principal, you need to execute
`New-ServicePrincipal -AppId <APPLICATION_ID> -ServiceId <OBJECT_ID> [-Organization <ORGANIZATION_ID>]`
Here I put the enterprise application object ID as the ServiceId argument. And that is OK.
But on
`Add-MailboxPermission -Identity "email address removed for privacy reasons" -User <SERVICE_PRINCIPAL_ID> -AccessRights FullAccess`
I put my registered application's object ID as the User argument. I also tried setting the object ID of the enterprise application, but it did not succeed.
I also tried New-ServicePrincipal with the registered app's object ID as the service ID, but it gave me the same result.
When I executed
`Get-ServicePrincipal -Organization <ORGANIZATION_ID> | fl`
I did not pay attention to the ServiceId property, even though the documentation points it out and says it will be different.
Now I cleared everything and started fresh.
I executed all the steps again, but at the step where I need to add the mailbox permission, I list the service principals and then use the `ServiceId` value from the output as the User argument.
With that, I was able to authorise.
Unfortunately, now I receive `C3 BAD User is authenticated but not connected.` when I try to list the inbox. But it is a step forward.
I am not sure if you made the same error as me, but maybe it will help you in some way.
I will post info when I find a fix for the new error, in case somebody comes across the same issue.
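The corrected sequence from the reply above, written out as a single Exchange Online PowerShell session. This is an added example, not code from the thread or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, that the caller holds an Exchange administrator role, and that the objects returned by `Get-ServicePrincipal` expose `AppId`, `ObjectId` and `ServiceId` properties as in the `fl` output the poster refers to. The placeholder IDs and the mailbox address are constructed.

```powershell
# Added example: register an app's service principal with Exchange Online and grant it a mailbox,
# using the Exchange-side ServiceId (not an Azure object ID) for the permission grant.
$AppId           = "<APPLICATION_ID>"       # Application (client) ID of the app registration (placeholder)
$EnterpriseObjId = "<OBJECT_ID>"            # Object ID of the *enterprise application*, i.e. the service principal (placeholder)
$Organization    = "<ORGANIZATION_ID>"      # tenant ID or tenant domain (placeholder)
$Mailbox         = "shared@contoso.example" # constructed mailbox address the app should read

Connect-ExchangeOnline -Organization $Organization

# Step 1: register the service principal with Exchange Online (parameters as shown in the thread).
New-ServicePrincipal -AppId $AppId -ServiceId $EnterpriseObjId -Organization $Organization

# Step 2: read back the ServiceId Exchange assigned. It differs from both Azure object IDs,
# which is exactly the value the poster had been passing to Add-MailboxPermission by mistake.
$sp = Get-ServicePrincipal -Organization $Organization | Where-Object { $_.AppId -eq $AppId }
if (-not $sp) { throw "No Exchange service principal found for AppId $AppId" }
$sp | Format-List DisplayName, AppId, ObjectId, ServiceId

# Step 3: grant the mailbox to that ServiceId.
Add-MailboxPermission -Identity $Mailbox -User $sp.ServiceId -AccessRights FullAccess

# Check: the service principal should now appear among the mailbox's FullAccess delegates.
# If it is missing here, an IMAP/POP login with this app's token will not reach the mailbox.
Get-MailboxPermission -Identity $Mailbox |
    Where-Object { $_.AccessRights -contains "FullAccess" } |
    Format-Table User, AccessRights
```

The filter on `AppId` in step 2 is what ties the Exchange-side record back to the app registration, so the script never has to guess which of the three IDs to paste into the grant; the final `Get-MailboxPermission` call is the check to run before debugging the client, since only mailboxes listed there are reachable with the app's token.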
- manish1614: I'm also facing the same issue with IMAP OAuth authentication with the Client Credentials flow. I have followed Microsoft's documentation as you mentioned above. I have given the IMAP.AccessAsApp and POP.AccessAsApp permissions, but the access_token is not working with those permissions. Did you find any solution for this?
- Anjitha170, Jul 29, 2022, Copper Contributor: Thank you Manish.
- jambo, Jul 27, 2022, Brass Contributor
We're in the same boat here... been working on this the entire day and haven't been able to get it to work. One thing I am confused about: how does Office 365 link the username (e.g. email address removed for privacy reasons) to the OAuth2 credential? Am I supposed to be able to log in to any mailbox using the access token? I am getting the access token from a certificate attached to a created application in Azure.
- DestryHines, Jul 27, 2022, Copper Contributor: I was confused about that at first too. So I believe the answer is that for each of the mailboxes you want your app to access, you must run the PowerShell commands that grant the app you've set up to the mailbox. You can see the app (if it's assigned correctly) in the user detail under "Applications". So, you request the access token as the client_id/secret for the app, then you can use that in the IMAP session, but for the "user" you use the email address you want to check. Whichever email addresses your app is assigned to, it can read the email for. That's at least how I read it described.
- jambo, Jul 27, 2022, Brass Contributor
What once was a simple process, has now become infinitely more complicated! [cut this post because it contained potentially misleading info]